diff --git a/apis/bases/core.openstack.org_openstackcontrolplanes.yaml b/apis/bases/core.openstack.org_openstackcontrolplanes.yaml index 49b48ad7a..a39dd19f6 100644 --- a/apis/bases/core.openstack.org_openstackcontrolplanes.yaml +++ b/apis/bases/core.openstack.org_openstackcontrolplanes.yaml @@ -669,6 +669,24 @@ spec: x-kubernetes-int-or-string: true type: object type: object + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + type: object required: - containerImage type: object diff --git a/apis/go.mod b/apis/go.mod index c4b85161a..1698211b6 100644 --- a/apis/go.mod +++ b/apis/go.mod @@ -6,7 +6,7 @@ require ( github.com/onsi/ginkgo/v2 v2.14.0 github.com/onsi/gomega v1.30.0 github.com/openstack-k8s-operators/barbican-operator/api v0.0.0-20240205082437-655a181feae0 - github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20240131135629-5e8e748d6046 + github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20240207124115-6572d1bc92c9 github.com/openstack-k8s-operators/designate-operator/api v0.0.0-20240205082155-620a93388acf github.com/openstack-k8s-operators/glance-operator/api v0.3.1-0.20240206110918-d3646fda9535 github.com/openstack-k8s-operators/heat-operator/api v0.3.1-0.20240205114610-35cd4930ad3b diff --git a/apis/go.sum b/apis/go.sum index c2f146864..da232bd46 100644 --- a/apis/go.sum +++ b/apis/go.sum @@ -132,8 +132,8 @@ github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7 h1:rncLxJBpFGqBztyxC github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7/go.mod h1:ctXNyWanKEjGj8sss1KjjHQ3ENKFm33FFnS5BKaIPh4= github.com/openstack-k8s-operators/barbican-operator/api v0.0.0-20240205082437-655a181feae0 h1:ms/NDnz14E3AfX6dYl/JhSHPuHYjLkO/Zc9UMMYjVeA= github.com/openstack-k8s-operators/barbican-operator/api v0.0.0-20240205082437-655a181feae0/go.mod h1:mC7tpqh65pTV1tm3lFX/Onya/OAWfD8kssfrnvjj5n8= -github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20240131135629-5e8e748d6046 h1:e0/Y91PcpmV+7xqu9ZwSOLN+lGexwmbHpm4B456XhiE= -github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20240131135629-5e8e748d6046/go.mod h1:dmFpsn/Ad88blxLOsDp1rKzcz+/hQ7FtsYPxKrYphdA= +github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20240207124115-6572d1bc92c9 h1:ncNVImtQifj8arpR5b9yhZa6L3q3fPYZFxZUpTkOYWE= +github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20240207124115-6572d1bc92c9/go.mod h1:dmFpsn/Ad88blxLOsDp1rKzcz+/hQ7FtsYPxKrYphdA= github.com/openstack-k8s-operators/designate-operator/api v0.0.0-20240205082155-620a93388acf h1:uDIKwac+IXC7biK/XRygnR2qSVWFUdx1Jj3MrPB8DIs= github.com/openstack-k8s-operators/designate-operator/api v0.0.0-20240205082155-620a93388acf/go.mod h1:lKjYKU6WeGidYNhTOdiEvKRpgl3NVewmcM4b5mROGQ0= github.com/openstack-k8s-operators/glance-operator/api v0.3.1-0.20240206110918-d3646fda9535 h1:iS4FHKleKOMy8750d95+baxj8y1diIMJCRHdRCsMLTU= diff --git a/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml b/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml index 49b48ad7a..a39dd19f6 100644 --- a/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml +++ b/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml @@ -669,6 +669,24 @@ spec: x-kubernetes-int-or-string: true type: object type: object + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + type: object required: - containerImage type: object diff --git a/go.mod b/go.mod index 2d3f8cfb2..91305d897 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/onsi/ginkgo/v2 v2.14.0 github.com/onsi/gomega v1.30.0 github.com/openstack-k8s-operators/barbican-operator/api v0.0.0-20240205082437-655a181feae0 - github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20240131135629-5e8e748d6046 + github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20240207124115-6572d1bc92c9 github.com/openstack-k8s-operators/dataplane-operator/api v0.3.1-0.20240206123725-eb350187c545 github.com/openstack-k8s-operators/designate-operator/api v0.0.0-20240205082155-620a93388acf github.com/openstack-k8s-operators/glance-operator/api v0.3.1-0.20240206110918-d3646fda9535 diff --git a/go.sum b/go.sum index 325cc3b0f..2e6e76f7f 100644 --- a/go.sum +++ b/go.sum @@ -143,8 +143,8 @@ github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7 h1:rncLxJBpFGqBztyxC github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7/go.mod h1:ctXNyWanKEjGj8sss1KjjHQ3ENKFm33FFnS5BKaIPh4= github.com/openstack-k8s-operators/barbican-operator/api v0.0.0-20240205082437-655a181feae0 h1:ms/NDnz14E3AfX6dYl/JhSHPuHYjLkO/Zc9UMMYjVeA= github.com/openstack-k8s-operators/barbican-operator/api v0.0.0-20240205082437-655a181feae0/go.mod h1:mC7tpqh65pTV1tm3lFX/Onya/OAWfD8kssfrnvjj5n8= -github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20240131135629-5e8e748d6046 h1:e0/Y91PcpmV+7xqu9ZwSOLN+lGexwmbHpm4B456XhiE= -github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20240131135629-5e8e748d6046/go.mod h1:dmFpsn/Ad88blxLOsDp1rKzcz+/hQ7FtsYPxKrYphdA= +github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20240207124115-6572d1bc92c9 h1:ncNVImtQifj8arpR5b9yhZa6L3q3fPYZFxZUpTkOYWE= +github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20240207124115-6572d1bc92c9/go.mod h1:dmFpsn/Ad88blxLOsDp1rKzcz+/hQ7FtsYPxKrYphdA= github.com/openstack-k8s-operators/dataplane-operator/api v0.3.1-0.20240206123725-eb350187c545 h1:eiUyijt5ij1Do1abYQjqzcFujjGSMJRQbP8Z/L+MqfY= github.com/openstack-k8s-operators/dataplane-operator/api v0.3.1-0.20240206123725-eb350187c545/go.mod h1:Q21yYPSzEhCLoi4aJyl1AW+V5RQE3+GzXaxhtGp2x/Y= github.com/openstack-k8s-operators/designate-operator/api v0.0.0-20240205082155-620a93388acf h1:uDIKwac+IXC7biK/XRygnR2qSVWFUdx1Jj3MrPB8DIs= diff --git a/pkg/openstack/cinder.go b/pkg/openstack/cinder.go index e0ffcf368..178d3ab8d 100644 --- a/pkg/openstack/cinder.go +++ b/pkg/openstack/cinder.go @@ -56,6 +56,12 @@ func ReconcileCinder(ctx context.Context, instance *corev1beta1.OpenStackControl } } + // preserve any previously set TLS certs,set CA cert + if instance.Spec.TLS.Enabled(service.EndpointInternal) { + instance.Spec.Cinder.Template.CinderAPI.TLS = cinder.Spec.CinderAPI.TLS + } + instance.Spec.Cinder.Template.CinderAPI.TLS.CaBundleSecretName = instance.Status.TLS.CaBundleSecretName + if cinder.Status.Conditions.IsTrue(cinderv1.CinderAPIReadyCondition) { svcs, err := service.GetServicesListWithLabel( ctx, @@ -76,7 +82,7 @@ func ReconcileCinder(ctx context.Context, instance *corev1beta1.OpenStackControl instance.Spec.Cinder.Template.CinderAPI.Override.Service, instance.Spec.Cinder.APIOverride, corev1beta1.OpenStackControlPlaneExposeCinderReadyCondition, - true, // TODO: (mschuppert) disable TLS for now until implemented + false, // TODO (mschuppert) could be removed when all integrated service support TLS ) if err != nil { return ctrlResult, err @@ -85,6 +91,10 @@ func ReconcileCinder(ctx context.Context, instance *corev1beta1.OpenStackControl } instance.Spec.Cinder.Template.CinderAPI.Override.Service = endpointDetails.GetEndpointServiceOverrides() + + // update TLS settings with cert secret + instance.Spec.Cinder.Template.CinderAPI.TLS.API.Public.SecretName = endpointDetails.GetEndptCertSecret(service.EndpointPublic) + instance.Spec.Cinder.Template.CinderAPI.TLS.API.Internal.SecretName = endpointDetails.GetEndptCertSecret(service.EndpointInternal) } Log.Info("Reconciling Cinder", "Cinder.Namespace", instance.Namespace, "Cinder.Name", "cinder")